Skip to content

Latest commit

 

History

History
74 lines (63 loc) · 2.88 KB

008.md

File metadata and controls

74 lines (63 loc) · 2.88 KB
Raw

Oblong Chiffon Mole

Medium

Inadequate Validation in Lido Withdrawal Processing

Summary

The _requestWithdraw and _claimWithdrawals functions in the LidoVault contract lack sufficient validation checks, which can lead to failed withdrawal requests and unclaimed funds.

Vulnerability Detail

  1. _requestWithdraw Issue: Insufficient validation of withdrawal amounts.
1137:   function _requestWithdraw(address user, uint256 stETHAmount) internal returns (uint256[] memory) {
1138:     unlockReceive = true;
1139:     require(stETHAmount >= MIN_STETH_WITHDRAWAL_AMOUNT, "WM");
---
1142:     bool approved = lido.approve(address(lidoWithdrawalQueue), stETHAmount);
1143:     require(approved, "AF");
---
1145:     uint256[] memory amounts = calculateWithdrawals(stETHAmount);
---
1148:     uint256[] memory requestIds = lidoWithdrawalQueue.requestWithdrawals(amounts, address(this));
1149:     require(requestIds.length > 0, "IWR");
---
1151:     emit WithdrawalRequested(stETHAmount, requestIds, user);
---
1153:     unlockReceive = false;
1154:     return requestIds;
1155:   }

The function does not validate if the withdrawal amount exceeds the maximum allowed per request or if the user has sufficient stETH balance. This can lead to failed requests.

  1. _claimWithdrawals Issue: Lack of validation to ensure all withdrawal requests are processed correctly.
1168:   function _claimWithdrawals(address user, uint256[] memory requestIds) internal returns (uint256) {
1169:     unlockReceive = true;
1170:     uint256 beforeBalance = address(this).balance;
---
1174:     for (uint i = 0; i < requestIds.length; i++) {
1175:       lidoWithdrawalQueue.claimWithdrawal(requestIds[i]);
1176:     }
---
1178:     uint256 withdrawnAmount = address(this).balance - beforeBalance;
1179:     require(withdrawnAmount > 0, "IWA");
---
1181:     emit WithdrawalClaimed(withdrawnAmount, requestIds, user);
---
1183:     unlockReceive = false;
1184:     return withdrawnAmount;
1185:   }

The function assumes all requests are successfully processed without validating each claim's success. If a claim fails, it may not be detected, leading to unclaimed funds.

Impact

Without proper validation, funds may remain unclaimed, causing discrepancies in expected vs. actual balances.

Code Snippet

Tool used

Manual Review

Recommendation

_requestWithdraw

  • Validate both minimum and maximum withdrawal amounts.
  • Check the user's stETH balance before processing the request to ensure they have sufficient funds.

_claimWithdrawals

  • Add checks to ensure each withdrawal claim is successful.
  • Implement retry mechanisms or logging for failed claims to track and address issues.